Configuring Administrators Locally When Using LDAP or RADIUS

03/26/2020 12 People found this article helpful 98,423 Views

Description

When using RADIUS or LDAP authentication, if you want to ensure that some or all administrative users will always be able to manage the appliance, even if the RADIUS or LDAP server becomes unreachable, then you can use the RADIUS + Local Users or LDAP + Local Users option and configure the accounts for those particular users locally.

For users authenticated by RADIUS or LDAP, create user groups named SonicWall Administrators and/or SonicWall Read-Only Admins on the RADIUS or LDAP server (or its back-end) and assign the relevant users to those groups. Note that in the case of RADIUS you will probably need special configuration of the RADIUS server to return the user group information – see the SonicWall RADIUS documentation for details.

Resolution

When using RADIUS or LDAP authentication, if you want to keep the configuration of administrative users local to the appliance whilst having those users authenticated by RADIUS/
LDAP, perform these steps:

Step 1: Navigate to the Users | Settings page.
Step 2: Select either the RADIUS + Local Users or LDAP + Local Users authentication method.
Step 3: Click the Configure button for respective authentication method

Step 4: For RADIUS, click on the RADIUS Users tab and select the Local configuration only radio button and ensure that the Memberships can be set locally by duplicating RADIUS user names checkbox is checked.

Step 5: For LDAP, click on the LDAP Users tab and select the User group membership can be set locally by duplicating LDAP user names checkbox.

How to Test:

Step 1: Create local user accounts with the user names of the administrative users (note no passwords need be set here) and add them to the relevant administrator user groups.
Step 2: Log off with default Administrator account and login with the newly created user account which is provided Administrator privileges.